For HR teams
Deliver offers and separations
without the inbox trail.
Send. Confirm. Destroy.
Offer letters, separation packets, credentials, PII. Watch each recipient open it on your dashboard. The link is gone before the day is over.
THE CHALLENGE
The problem
What teams in this role actually run into when secure transfer goes wrong.
01
Inbox persistence is the threat
Offer letters and termination packets live in archived mail for years. Every breach of a personal Gmail or a forwarded thread becomes a payroll-grade PII incident with your name on it.
02
Forwarding turns into discovery
A separation packet that ends up beyond the intended recipient — partner, spouse, plaintiff's counsel — becomes a discovery problem you didn't sign up for.
03
Your HRIS holds the record, not the proof
HR systems of record store the personnel data; email delivers the document; neither produces audit-grade evidence of who opened a one-time PII packet and when. Knowing exactly who opened what, when, and from where is the difference between a clean compliance review and a quarter of cleanup. CIPH4 pairs with your HRIS and email as the proof-bearing channel for sensitive outbound packets — your existing systems keep doing what they do best, CIPH4 covers the one-shot delivery and the receipt.
THE SOLUTION
What CIPH4 gives you
The product surface that maps to those problems, one feature at a time.
01
One-view and short-expiry defaults
Drops can be set to burn after a single view, with expiry as tight as one hour. The 7-day system ceiling is the hard upper bound; most HR drops live for minutes.
02
Recipient identity bindingTeams
Require the recipient to verify their email via a single-use magic link before they can decrypt. Defeats the forwarding case where the original link reaches a non-recipient.
03
Passphrase protection
Passphrases are hashed in the recipient's browser before they ever reach our servers, then required to unlock the document. Deliver the link by email and the passphrase by phone — neither channel alone opens the packet.
04
Real-time access notification
See the exact moment the recipient opens the offer letter or separation packet. Useful for scheduling the follow-up call without the awkward 'did you get it?' email.
05
Signed deletion receiptsEnterprise
When a separation case closes, you have a cryptographically signed record that the document was destroyed — verifiable anytime on our public /verify page.
06
File requests for inbound documentsTeams
I-9 documents, signed contracts, banking forms — collect them via an encrypted file-request link instead of an email attachment. Inbound files stay encrypted at rest.
THE FLOW
How a typical workflow looks
A typical sequence — from intent to evidence — in three steps.
01
Compose
Drop in the offer letter or separation packet, set one view + 24-hour expiry, attach a passphrase you'll deliver by phone.
02
Deliver
Share the link via the candidate's or employee's email. Read the passphrase aloud on the scheduled call. No transcript, no shared channel, no second copy anywhere.
03
Watch
Confirmation arrives in real time on your dashboard the moment they open it. The link burns after their view. The audit chain holds the timestamp.
THE FRAMING
Where CIPH4 fits your program
How the same building blocks land against the frameworks your auditor cares about.
01
Frameworks we map
GDPR (EU employees), CCPA (California), and jurisdiction-specific employment privacy laws. HIPAA applies when HR administers a self-insured group health plan and is handling PHI in that capacity.
02
Controls we ship
One-view + short-expiry defaults, recipient identity binding, passphrase gating, real-time access notification.
03
Artifacts we generate
Tamper-evident access log per secure link. Cryptographically signed deletion receipts for separation-case documentation.
Ready to see it?
20 free links a month, no credit card. When you need single sign-on, compliance templates, or signed deletion receipts your auditor can verify — we'll talk.